<?php
class Brothersmodel extends Model {
//*************************************************************************************
//MODEL used to connect to the database and retrive information from the Brothers table
//*************************************************************************************
    function Brothersmodel()
    {
        // Call the Model constructor
        parent::Model();
    }

    public function get_brothers()
    //This function selects information from the database about every brother who is not an alumni
    {
        $selectquery = "Select FirstName, LastName, email, Phone, Position from  Brothers where Alumni = 0 order by FirstName";
        $query = $this->db->query($selectquery);

        return $query->result();
    }

    public function get_login()
    //Function that grants access to users who introduce the correct user credentials
    {
       $username = $_POST['username'];
       $username = "'" . $username . "'";
       $password = $_POST['password'];
       $password = "'" . $password . "'";

       $pass_injection_free = $this->brothersmodel->validate(trim($password));
       $user_injection_free = $this->brothersmodel->validate(trim($username));


       //Statement that checks to see that the user did not attempt an sql injection
       //Sql query that checks to see that the user is valid
       if ($pass_injection_free == TRUE && $user_injection_free == TRUE){
          $loginquery = "Select 1 from  Brothers where username ="  . $username  . " and password =". $password . "";
          $query = $this->db->query($loginquery);
        } 
        else {
            $query = false;  
        }
        return $query->result();  
    }

    Private Function validate($str){
    //Function that looks for possible SQL injection
        $allowed_characters = array(' ');

        for($i = 0; $i < strlen($str); $i++)
	{
            $curr_char = substr($str, $i, 1);
            if (in_array($curr_char, $allowed_characters)){
                $error_messages = False;
                break;
            }
            else{
                $error_message = True;
            }
        }
             return $error_message;
        }
}


